Preparing for a Linux or UNIX upgrade using the unified product installer
This topic provides the information you need to prepare your environment for the upgrade process on Linux and UNIX systems using the unified product installer. It includes information about supported upgrade paths and instructions for preparing to upgrade the TrueSight Server Automation system.
The topic includes the following sections:
The following sections provide information about the latest builds and the supported upgrade paths.
EPD version number
|Patch 3 for Service Pack 4 for version 8.9|
|8.9.04.003||December 6, 2019|
|Patch 2 for Service Pack 4 for version 8.9|
|8.9.04.002||September 18, 2019|
|Patch 1 for Service Pack 4 for version 8.9|
|8.9.04.001||June 21, 2019|
|Service Pack 4 for version 8.9|
|8.9.04||January 28, 2019|
|Patch 1 for version 8.9 Service Pack 3|
|8.9.03.001||October 5, 2018|
|Service Pack 3 for version 8.9|
|8.9.03||June 11, 2018|
Supported upgrade paths
The following figures illustrate the supported upgrade paths to TrueSight Server Automation 8.9.x.
If you are running BMC Server Automation 8.7 Patch 5 or 8.8 Patch 2, you cannot upgrade to version 8.9.01. However, you will be able to upgrade to version 8.9.02 after it is released. To receive proactive notifications for new releases, subscribe to BMC Server Automation's Subscription List on the BMC Support site.
If you are running BMC Server Automation 8.7 Patch 5 or 8.8 Patch 2, you cannot upgrade to version 8.9.00. However, you will be able to upgrade to version 8.9.02 after it is released. To receive proactive notifications for new releases, subscribe to BMC Server Automation's Subscription List on the BMC Support site.
In the above diagrams, abbreviations are defined as follows:
- BSA stands for BMC Server Automation or TrueSight Server Automation ( for version 8.9.03 and later)
- SP stands for Service Pack
- P stands for Patch
Step 1: Review requirements and limitations
Prior to upgrading, it is important to carefully review the following requirements and limitations.
Requirements for upgrade on Linux and UNIX
If your TrueSight Server Automation environment includes BMC Cloud Lifecycle Management, you need to ensure that you maintain compatibility with BMC Cloud Lifecycle Management. For more information, see Component BMC product service pack and patch levels in the BMC Cloud Lifecycle Management online technical documentation.
If your TrueSight Server Automation environment includes BMC Decision Support for Server Automation or TrueSight Smart Reporting for Server Automation, upgrade BMC Decision Support for Server Automation or TrueSight Smart Reporting for Server Automation before upgrading TrueSight Server Automation. For more information, see the BMC Decision Support for Server Automation or TrueSight Smart Reporting for Server Automation online technical documentation.
Review the following key requirements.
Click here to review.
The unified installer supports Windows 64-bit and Linux 64-bit operating systems. For a complete list of platforms supported by the unified installer, see Supported platforms.
|PXE server upgrades||To improve performance for the upgrade of remote PXE servers, manually copy the PXE installer binary (../installers/appserver_64/BSA89-SP3-LIN64.sh) to the PXE server prior to upgrading (for example, to the /tmp directory). The unified product installer validates the existence of the PXE installer binary under the expected location, and upgrades the PXE server during the upgrade process.|
|Windows X server requirement|
You must run the installer from a computer where a Windows X server is installed. Follow these steps before you install the product from a computer with X server software:
Upgrading to a new release can potentially create mismatches between the version of a custom configuration object, an agent, and any model objects that reference custom configuration objects. Therefore, as part of the upgrade process, you must distribute the latest versions of the custom configuration objects that are not included as part of an RSCD agent.
The product installation is automatically upgraded to the appropriate version when you upgrade the agent. However, you must upgrade any custom configuration objects that are not included with the agent by running a Distribute Configuration Objects Job. Configure this job to target servers to which custom configuration objects need to be distributed. For a list of those objects that are included as part of an agent installation and those that are not included with the agent and require distribution, see Custom configuration objects.
To upgrade custom configuration objects
Click here to see the steps for upgrading custom configuration objects.
To upgrade virtualization configuration objects
Click here to see the steps for upgrading virtualization configuration objects.
The Upgrade Model Object Job is not supported for upgrading virtualization configuration objects.
To upgrade configuration objects that you distributed in prior versions, complete the following steps:
Upgrading to a new release can potentially create mismatches between the version of a custom configuration object, an agent, and any model objects that reference custom configuration objects. Therefore, as part of the upgrade process, you must distribute the latest versions of custom configuration objects for the custom configuration objects that are not included as part of an agent. The installation are automatically upgraded to the appropriate version when you upgrade the agent. (See Custom configuration objects for a list of those objects.) You should upgrade any custom configuration objects not included with the agent by running a Distribute Configuration Objects Job. The job should target servers to which custom configuration objects should be distributed.
Click here to review a list of potential issues you can encounter during an upgrade.
If your id.pem certificate was created with a key size of 1024 bits (or less), you will need to regenerate it with a higher key size (2048 or higher). This is due to a change in the FIPS requirement for minimum key length (now 2048 bits).
The unified product installer must be run by a super user, that is, root or a root-equivalent user. This enables the installer to install components on remote Application Servers using existing RSCD Agents and SSH.
If you have a high security level enabled in your TrueSight Server Automation installation, the unified installer cannot upgrade the product through the RSCD Agent on the remote host computers. Before upgrading, you must temporarily adjust the security level on the machines where you want to upgrade the Application Servers. At the beginning of the upgrade process, the unified installer checks the security setup and, if problems are detected, issues an error message. This message helps you decide on the actions that you must take to adjust the security settings. For more information, see troubleshooting instructions for security settings. After the upgrade, remember to re-adjust your security settings, based on your unique needs and the IT security policies at your organization.
Before initiating the upgrade, the installer discovers the existing Application Servers and checks whether an RSCD Agent is installed on each Application Server. For Application Servers that do not have an RSCD Agent installed, the installer prompts you for the credentials of the relevant host computers and installs a fully authorized RSCD Agent on each server. Note that if you suspend or abort the upgrade, you will need to manually uninstall the RSCD Agent on each of the servers. After the upgrade, remember to re-adjust your security settings, based on your unique needs and the IT security policies at your organization.
In addition, ensure that the following security requirements are met before initiating the upgrade:
- Ensure that you have authentication profiles of any of the following types set up at your TrueSight Server Automation installation: Secure Remote Password (SRP) or LDAP.
Upgrade to TrueSight Server Automation version 8.9.03 or later is not supported through Active Directory Kerberos, PKI, or RSA SecureID authentication profiles.
- You must disable the use of client-side certificates that secure access between Application Servers and agents or repeaters before you upgrade using the unified product installer. For more information, see TLS with client-side certs - Discontinuing use of client-side certificates.
- Ensure that your firewall allows communication on all ports used by various components of TrueSight Server Automation. For more information on ports, see TrueSight Server Automation ports.
- Ensure that the port number that is used by the SSH service running on all hosts is 22, which is the default port number for SSH.
Limitations when using the unified product installer
|Category||Description of support or limitation|
|Multiple Application Server (MAS) environments||The unified product installer only supports upgrade of an homogeneous MAS environment, that is, either all Application Servers run on Linux 64-bit operating systems or all run on Windows 64-bit operating systems.|
|"Mixed" Application Server/database environments||The unified product installer supports upgrade of "mixed" Application Server/database environments (for example, Linux Application Server + Microsoft SQL Server database). The UPI does not require the database or the file server operating system to match the operating system of the Application Servers.|
For PXE servers to be upgraded by the unified product installer, they must be:
If your environment includes hybrid PXE servers (that is, PXE servers not running Windows or Linux), you must perform a workaround for the upgrade
Click here to see the workaround.
The unified product installer does not support the following upgrade scenarios:
Step 2: Prepare the database
During an upgrade process, core data is migrated to the upgraded TrueSight Server Automation database. To ensure that this migration completes successfully, you must prepare your database before performing the upgrade. To prepare your database, review the following list of prerequisite tasks and perform the tasks that are relevant for your environment.
|Back up the TrueSight Server Automation database.|
You must back up before beginning the data upgrade process.
The data upgrade occurs in place. If, for any reason, it should become impossible to complete the upgrade, the only way to
|Remove unnecessary deployments|
The migration process uses the database system ID information in the _template deployment to identify the database to migrate. In addition,
Certain deployments are transitory and can be removed before an upgrade as they are not needed for normal operation.
|Ensure that the database configuration information on the deployments of the Application Server is up-to-date|
Before upgrading the Application Server, ensure that the database configuration information on the deployments of the
You can use the blasadmin utility to check the database related and file server related information for each of the deployments (except _launcher).
You can use the following blasadmin commands. If either of these commands returns an error, you can use the blasadmin utility to
If these commands return an error, use the blasadmin utility to correct the configuration so that those commands do not return an error.
|(Oracle only) Grant privileges explicitly to the user account|
For an Oracle database, you must grant certain privileges explicitly to the user account (typically BLADELOGIC) that will be used during the upgrade.
Some of the privileges can be revoked after database migration is performed during the upgrade. For the complete list, see List of required database permissions.
Step 3: Prepare the automation environment
Perform these tasks in order. Many steps are prerequisites for other steps that occur later in the process.
- Back up the TrueSight Server Automation database. The data upgrade occurs in place. If, for any reason, it should become impossible to complete the upgrade, the only way to restore the database to its pre-upgrade state is from the backups.
- Ensure that the following components are up and running:
- All Application Servers
- PXE Server
- RSCD agents on Application Servers, PXE servers, and file servers.
- RSCD agents installed with the
–localoption on Application Servers, PXE servers, and file servers.
Back up the installation directories for all Application Servers and PXE servers. The default installation locations are:
- Application Server: /opt/bmc/bladelogic/NSH
- PXE Server: /opt/bmc/bladelogic/NSH
If you are upgrading the PXE server, follow the upgrade instructions for Windows or UNIX, to prevent loss of configuration settings.
Note that the user who installed the earlier version of the product might have changed the installation directory from the default location, so ensure that you have the right location. If your current installation is already an upgrade from a previous version, the paths might be different, due to differences in these locations in earlier versions of TrueSight Server Automation. If you do not know the installation location for TrueSight Server Automation components view the contents of the /usr/lib/rsc/HOME file (on Linux or UNIX) or the %WINDIR%\rsc\HOME file (on Windows).
Back up the TrueSight Server Automation file server storage location. For example, copy the entire contents of the storage location to a directory other than the current storage location.
Ensure that there is an agent installed on the Application Server. For agent installation on Linux or UNIX, use the
-localoption (as discussed in Installing components in non-default installation paths using the local flag). Similarly, if an RSCD agent and NSH are not already installed on the PXE server, install them now.
- If you are not running the UPI/Application Server installer directly from a graphical desktop on the Application Server host, you must forward the X Window GUI to another system w/ an X Server or use silent mode to install the Application Server (Windows).
The most common method to set up forwarding in a secured environment is to tunnel the X Window connection over an SSH connect between the X Server (your system) and the X Client (the Application Server in this case). Review your SSH client’s documentation for specific instructions, but generally:
- Set up the SSH client to forward the remote display across the SSH connection.
- When you log on to the remote system, set the DISPLAY environment variable to
- Your system must run an X Server. For Windows, you can use MobaXterm (which is also an SSH client), Xming, Xmanager, Exceed, and so on. Linux supports X Server natively.
Ensure that the following 32-bit and 64-bit required package is installed:
For RHEL 7: libncurses
- For versions earlier than RHEL 7: libtermcap
- Ensure that you have 4 GB on disk with temp space and 4 GB on disk with installation directory.
Ensure that you have disabled the NSH proxy on all Application Servers in the environment to avoid failure during upgrade. To disable the NSH proxy, run the following command on the NSH client:
secadmin -m default -p 5 -T encryption_only -e tls -appserver_protocol clear
This command temporarily removes the
appserver_protocol=ssoproxyentry from the default line in the secure file (in the rsc folder).
Note: After the upgrade completes, remember to add this entry back into the secure file. You can use the following command:
secadmin -m default -p 5 -appserver_protocol ssoproxy
To preserve the Live Reporting dashboard environment, back up the cacerts file (for example, /opt/bmc/bladelogic/appserver/NSH/br/java/lib/security/cacerts for Linux) to a separate safe location on the TrueSight Server Automation server. You must do this because the TrueSight Server Automation upgrade overwrites the existing cacerts.